CVE-2024-58070

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-58070
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58070.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-58070
Downstream
Related
Published
2025-03-06T15:54:10Z
Modified
2025-10-17T20:37:31.343091Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: bpflocalstorage: Always use bpfmemalloc in PREEMPT_RT

In PREEMPTRT, kmalloc(GFPATOMIC) is still not safe in non preemptible context. bpfmemalloc must be used in PREEMPTRT. This patch is to enforce bpfmemalloc in the bpflocalstorage when CONFIGPREEMPT_RT is enabled.

[ 35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:48 [ 35.118566] inatomic(): 1, irqsdisabled(): 0, nonblock: 0, pid: 1832, name: testprogs [ 35.118569] preemptcount: 1, expected: 0 [ 35.118571] RCU nest depth: 1, expected: 1 [ 35.118577] INFO: lockdep is turned off. ... [ 35.118647] mightresched+0x433/0x5b0 [ 35.118677] rtspinlock+0xc3/0x290 [ 35.118700] _slaballoc+0x72/0xc40 [ 35.118723] _kmallocnoprof+0x13f/0x4e0 [ 35.118732] bpfmapkzalloc+0xe5/0x220 [ 35.118740] bpfselemalloc+0x1d2/0x7b0 [ 35.118755] bpflocalstorageupdate+0x2fa/0x8b0 [ 35.118784] bpfskstoragegettracing+0x15a/0x1d0 [ 35.118791] bpfprog9a118d86fca78ebbtraceinetsocksetstate+0x44/0x66 [ 35.118795] bpftracerun3+0x222/0x400 [ 35.118820] _bpftraceinetsocksetstate+0x11/0x20 [ 35.118824] traceinetsocksetstate+0x112/0x130 [ 35.118830] inetskstatestore+0x41/0x90 [ 35.118836] tcpset_state+0x3b3/0x640

There is no need to adjust the gfpflags passing to the bpfmemcacheallocflags() which only honors the GFPKERNEL. The verifier has ensured GFP_KERNEL is passed only in sleepable context.

It has been an old issue since the first introduction of the bpflocalstorage ~5 years ago, so this patch targets the bpf-next.

bpfmemalloc is needed to solve it, so the Fixes tag is set to the commit when bpfmemalloc was first used in the bpflocalstorage.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
08a7ce384e33e53e0732c500a8af67a73f8fceca
Fixed
3392fa605d7c5708c5fbe02e4fbdac547c3b7352
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
08a7ce384e33e53e0732c500a8af67a73f8fceca
Fixed
b0027500000dfcb8ee952557d565064cea22c43e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
08a7ce384e33e53e0732c500a8af67a73f8fceca
Fixed
c1d398a3af7e59d7fef351c84fed7ebb575d1f1a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
08a7ce384e33e53e0732c500a8af67a73f8fceca
Fixed
8eef6ac4d70eb1f0099fff93321d90ce8fa49ee1

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "30375053866688687337588362929443001962",
            "length": 1193.0
        },
        "id": "CVE-2024-58070-3b743e33",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1d398a3af7e59d7fef351c84fed7ebb575d1f1a",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c",
            "function": "bpf_local_storage_map_alloc"
        },
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "6641136642343491825202947190336053488",
                "333704829190144063344471921410395208981",
                "251962685213550808694567554742023844844",
                "159463284591784493236362603257146047887",
                "208222529029189846890301158343796618698"
            ]
        },
        "id": "CVE-2024-58070-81885966",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3392fa605d7c5708c5fbe02e4fbdac547c3b7352",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c"
        },
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "6641136642343491825202947190336053488",
                "333704829190144063344471921410395208981",
                "251962685213550808694567554742023844844",
                "159463284591784493236362603257146047887",
                "208222529029189846890301158343796618698"
            ]
        },
        "id": "CVE-2024-58070-91ecd136",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0027500000dfcb8ee952557d565064cea22c43e",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c"
        },
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "6641136642343491825202947190336053488",
                "333704829190144063344471921410395208981",
                "251962685213550808694567554742023844844",
                "159463284591784493236362603257146047887",
                "208222529029189846890301158343796618698"
            ]
        },
        "id": "CVE-2024-58070-9adb9af3",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8eef6ac4d70eb1f0099fff93321d90ce8fa49ee1",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c"
        },
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "30375053866688687337588362929443001962",
            "length": 1193.0
        },
        "id": "CVE-2024-58070-cffc50f8",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8eef6ac4d70eb1f0099fff93321d90ce8fa49ee1",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c",
            "function": "bpf_local_storage_map_alloc"
        },
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "30375053866688687337588362929443001962",
            "length": 1193.0
        },
        "id": "CVE-2024-58070-dc3f52b2",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0027500000dfcb8ee952557d565064cea22c43e",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c",
            "function": "bpf_local_storage_map_alloc"
        },
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "30375053866688687337588362929443001962",
            "length": 1193.0
        },
        "id": "CVE-2024-58070-dcb615b7",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3392fa605d7c5708c5fbe02e4fbdac547c3b7352",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c",
            "function": "bpf_local_storage_map_alloc"
        },
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "6641136642343491825202947190336053488",
                "333704829190144063344471921410395208981",
                "251962685213550808694567554742023844844",
                "159463284591784493236362603257146047887",
                "208222529029189846890301158343796618698"
            ]
        },
        "id": "CVE-2024-58070-f8580031",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1d398a3af7e59d7fef351c84fed7ebb575d1f1a",
        "target": {
            "file": "kernel/bpf/bpf_local_storage.c"
        },
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.76
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.13
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.2